A flaw was discovered in mod_imap when using the Referer directive with
image maps that could be used by a remote attacker to perform a cross-
site scripting attack, in certain site configurations, if a victim
could be forced to visit a malicious URL using certain web browsers
(CVE-2005-3352).

Also, a NULL pointer dereference flaw was found in mod_ssl that affects
server configurations where an SSL virtual host was configured with
access controls and a custom 400 error document. This could allow a
remote attacker to send a carefully crafted request to trigger the
issue and cause a crash, but only with the non-default worker MPM
(CVE-2005-3357).

The provided packages have been patched to prevent these problems.
_______________________________________________________________________